Some of the work was carried out while Kawamoto, Steel, and Tsay were working in INRIA project Secsi at LSV, ENS-Cachan. Simionato is now at Google.

What are the prerequisites for these attacks?

You need access to the UnwrapKey function. This
could be achieved, for example, directly by putting malware on the host machine, or
indirectly if the unwrap key functionality is exposed via a network
protocol.

What are the consequences of these attacks?

The modified version of the Bleichenbacher attack reveals a
plaintext encrypted under an RSA key. That plaintext, in the context
of the PKCS#11 UnwrapKey command, is a symmetric key. The same attack can also be used to forge a signature, though this takes longer. Our paper gives full details.

The Vaudenay CBC attack may reveal either a symmetric key or a private RSA key if it has been
exported from a device under a symmetric cipher like AES using
CBC_PAD.

How much do you improve on previous attacks on PKCS#1v1.5?

The best previous attack was due to Klima et al., which is roughly
twice as fast as Bleichenbacher's original algorithm on a standard
PKCS1v1.5 padding oracle. Our attack is more than ten times as fast as the original algorithm, so a factor
of five improvement on the best previously known attack. Here we measure speed as the median number of oracle
calls required to complete the attack, measured over 1000 runs with
different RSA keypairs.

Is there a patch for the PKCS#1v1.5 vulnerability?

Yes, use a padding mode that has IND-CCA security proofs, like OAEP as standardised in PKCS#1v2, and make sure this is the only mode available at the API.
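As an added illustration (not code from the paper or from any vendor's PKCS#11 implementation), the following models the PKCS#1 v1.5 decoding step that an UnwrapKey call with the v1.5 mechanism performs on the RSA-decrypted block, showing why its distinguishable success/failure outcome is the padding oracle discussed above, alongside the mitigation this answer names: an unwrap API that admits only OAEP. The mechanism names mirror PKCS#11 constants, but the functions, error strings and allow-list are assumptions of this example.

```python
# Added example, not from the paper or any PKCS#11 vendor code.
from enum import Enum


class Mechanism(Enum):
    RSA_PKCS = "CKM_RSA_PKCS"            # PKCS#1 v1.5 encryption padding
    RSA_PKCS_OAEP = "CKM_RSA_PKCS_OAEP"  # PKCS#1 v2 OAEP (IND-CCA proof)


class UnwrapError(Exception):
    pass


def pkcs1_v15_unpad(em: bytes, k: int) -> bytes:
    """Decode a v1.5 block EM = 0x00 || 0x02 || PS || 0x00 || M of length k.

    Whether this succeeds or fails is observable by the caller of UnwrapKey
    (distinct error code, timing, or simply whether a key handle comes back).
    That one bit of information is the padding oracle the attack consumes.
    """
    if len(em) != k:
        raise UnwrapError("wrong length")
    if em[0] != 0x00 or em[1] != 0x02:
        raise UnwrapError("bad leading bytes")
    try:
        sep = em.index(0x00, 2)          # end of the non-zero padding string PS
    except ValueError:
        raise UnwrapError("no separator") from None
    if sep - 2 < 8:
        raise UnwrapError("padding string too short")
    return em[sep + 1:]                  # M: the wrapped symmetric key


def is_pkcs_conforming(em: bytes, k: int) -> bool:
    """Boolean view of the same check: this is what an oracle exposes."""
    try:
        pkcs1_v15_unpad(em, k)
        return True
    except UnwrapError:
        return False


# Mitigation from the FAQ: OAEP is the only RSA unwrap mechanism the API offers.
ALLOWED_UNWRAP_MECHANISMS = {Mechanism.RSA_PKCS_OAEP}   # assumed policy


def mechanism_allowed(mech: Mechanism) -> bool:
    """Policy gate to run before any RSA decryption in UnwrapKey."""
    return mech in ALLOWED_UNWRAP_MECHANISMS
```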

Do the attacks in the paper reveal the private half of RSA
keypairs?

Like the original algorithm, our version of the Bleichenbacher
attack does not reveal the private half of the RSA key used for encryption.

Do your attacks reveal the seed values used to generate one
time passwords (OTPs) on an RSA token?

No.

Did you follow "responsible disclosure" procedures?

Yes. All affected vendors were informed more than 12 months before the paper was published.